"Using https and an IP, that's just NOT possible - not logic - it's counter productive …"
Huh??? An IP is no different than FQDN, you can for sure put IP as SAN in your cert so you do not get any warning..
Notice my pretty green icon, and hitting it via IP.. Notice the SAN have 2 different IPs in them and another fqdn for another interface - so I can hit it with that name or that IP and still trust the cert..
SANinCert.png
SANinCert.png_thumb